author | Fernando J. Pereda <ferdy@gentoo.org> | 2005-05-23 19:23:38 +0000 |
---|---|---|
committer | Fernando J. Pereda <ferdy@gentoo.org> | 2005-05-23 19:23:38 +0000 |
commit | 46f6cbe094748f7e273c502d319162e453bc148c (patch) | |
tree | 357b5f29dae16972c808f3e8499370366def746d /net-mail | |
parent | Stable on x86. (diff) | |
security bump, wrt #90622
Package-Manager: portage-2.0.51.19
Diffstat (limited to 'net-mail')
-rw-r--r-- | net-mail/qpopper/ChangeLog | 10 | ||||
-rw-r--r-- | net-mail/qpopper/Manifest | 22 | ||||
-rw-r--r-- | net-mail/qpopper/files/digest-qpopper-4.0.5-r1 | 2 | ||||
-rw-r--r-- | net-mail/qpopper/files/digest-qpopper-4.0.5-r2 | 2 | ||||
-rw-r--r-- | net-mail/qpopper/files/digest-qpopper-4.0.5-r3 (renamed from net-mail/qpopper/files/digest-qpopper-4.0.5) | 0 | ||||
-rw-r--r-- | net-mail/qpopper/files/qpopper-CAN-2005-1151.patch | 159 | ||||
-rw-r--r-- | net-mail/qpopper/files/qpopper-CAN-2005-1152.patch | 9 | ||||
-rw-r--r-- | net-mail/qpopper/qpopper-4.0.5-r1.ebuild | 124 | ||||
-rw-r--r-- | net-mail/qpopper/qpopper-4.0.5-r3.ebuild (renamed from net-mail/qpopper/qpopper-4.0.5-r2.ebuild) | 22 | ||||
-rw-r--r-- | net-mail/qpopper/qpopper-4.0.5.ebuild | 126 |
10 files changed, 207 insertions, 269 deletions
diff --git a/net-mail/qpopper/ChangeLog b/net-mail/qpopper/ChangeLog index 8b353345cdf1..d43936cbc428 100644 --- a/net-mail/qpopper/ChangeLog +++ b/net-mail/qpopper/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-mail/qpopper # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-mail/qpopper/ChangeLog,v 1.19 2005/02/14 13:49:32 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-mail/qpopper/ChangeLog,v 1.20 2005/05/23 19:23:38 ferdy Exp $ + +*qpopper-4.0.5-r3 (23 May 2005) + + 23 May 2005; Fernando J. Pereda <ferdy@gentoo.org> + +files/qpopper-CAN-2005-1151.patch, +files/qpopper-CAN-2005-1152.patch, + -qpopper-4.0.5.ebuild, -qpopper-4.0.5-r1.ebuild, -qpopper-4.0.5-r2.ebuild, + +qpopper-4.0.5-r3.ebuild: + security bump, wrt #90622 14 Feb 2005; <plasmaroo@gentoo.org> qpopper-4.0.5-r1.ebuild, qpopper-4.0.5-r2.ebuild: diff --git a/net-mail/qpopper/Manifest b/net-mail/qpopper/Manifest index 589641623e5d..f25f0ae5997f 100644 --- a/net-mail/qpopper/Manifest +++ b/net-mail/qpopper/Manifest 
@@ -1,8 +1,16 @@
-MD5 f341a073a22831f6608a678a7ab8abe5 ChangeLog 2317
-MD5 8e0f244586a405d76f08ad38091ddc82 qpopper-4.0.5-r1.ebuild 3374
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+MD5 4a27d43f4a62c377836098bd36df0c61 qpopper-4.0.5-r3.ebuild 3710
+MD5 d2c056a4f17cbd8c7eede6078e266301 ChangeLog 2607
 MD5 5721b86fd871bdfab77231abc6e02f68 metadata.xml 161
-MD5 dd7ebbec5d45a3501ace80ef6f0983d0 qpopper-4.0.5-r2.ebuild 3481
-MD5 f5dc268b887d429c8842004f2232a385 qpopper-4.0.5.ebuild 3196
-MD5 843447464085eea5bb368ef6d5e357ba files/digest-qpopper-4.0.5-r1 131
-MD5 843447464085eea5bb368ef6d5e357ba files/digest-qpopper-4.0.5 131
-MD5 843447464085eea5bb368ef6d5e357ba files/digest-qpopper-4.0.5-r2 131
+MD5 b21d6d7fcaa29a2ce5ba908acf5cb295 files/qpopper-CAN-2005-1151.patch 4628
+MD5 51b7818b4d1bf784b783d980a9475e5d files/qpopper-CAN-2005-1152.patch 429
+MD5 843447464085eea5bb368ef6d5e357ba files/digest-qpopper-4.0.5-r3 131
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (GNU/Linux)
+
+iD8DBQFCki3VViELBEf1JB0RApSZAJ9qhJEeK1wL99WFkn60Mw4zlIH7EwCeLhpC
+PPIrU58Ekv7meUxEHCAV8gM=
+=AgWK
+-----END PGP SIGNATURE-----
diff --git a/net-mail/qpopper/files/digest-qpopper-4.0.5-r1 b/net-mail/qpopper/files/digest-qpopper-4.0.5-r1
deleted file mode 100644
index a5748117ec15..000000000000
--- a/net-mail/qpopper/files/digest-qpopper-4.0.5-r1
+++ /dev/null
@@ -1,2 +0,0 @@
-MD5 e00853280c9e899711f0b0239d3d8f86 qpopper4.0.5.tar.gz 2281284
-MD5 af01c6fe9f770666dda081ab34a16b50 qpopper-files.tar.bz2 269722
diff --git a/net-mail/qpopper/files/digest-qpopper-4.0.5-r2 b/net-mail/qpopper/files/digest-qpopper-4.0.5-r2
deleted file mode 100644
index a5748117ec15..000000000000
--- a/net-mail/qpopper/files/digest-qpopper-4.0.5-r2
+++ /dev/null
@@ -1,2 +0,0 @@
-MD5 e00853280c9e899711f0b0239d3d8f86 qpopper4.0.5.tar.gz 2281284
-MD5 af01c6fe9f770666dda081ab34a16b50 qpopper-files.tar.bz2 269722
diff --git a/net-mail/qpopper/files/digest-qpopper-4.0.5 b/net-mail/qpopper/files/digest-qpopper-4.0.5-r3
index a5748117ec15..a5748117ec15 100644
--- a/net-mail/qpopper/files/digest-qpopper-4.0.5
+++ b/net-mail/qpopper/files/digest-qpopper-4.0.5-r3
diff --git a/net-mail/qpopper/files/qpopper-CAN-2005-1151.patch b/net-mail/qpopper/files/qpopper-CAN-2005-1151.patch
new file mode 100644
index 000000000000..583e87a73b09
--- /dev/null
+++ b/net-mail/qpopper/files/qpopper-CAN-2005-1151.patch
@@ -0,0 +1,159 @@
+only in patch2:
+unchanged:
+--- qpopper-4.0.4.orig/popper/pop_config.c
++++ qpopper-4.0.4/popper/pop_config.c
+@@ -85,6 +85,7 @@
+ #include <string.h>
+ #include <errno.h>
+ #include <ctype.h>
++#include <unistd.h>
+ #include <limits.h>
+
+ #ifdef QPOP_OPENSSL
+@@ -1487,6 +1488,8 @@
+ int rslt;
+ char buf [ 256 ];
+ struct stat stat_buf;
++ BOOL bUser = FALSE;
++ BOOL bSpool = FALSE;
+
+
+ if ( p->bUser_opts ) {
+@@ -1497,14 +1500,8 @@
+ p->user );
+ else {
+ rslt = stat ( buf, &stat_buf );
+- if ( rslt == 0 ) {
+- rslt = pop_config ( p, buf, CfgUser );
+- if ( rslt == POP_FAILURE ) {
+- pop_log ( p, POP_PRIORITY, HERE,
+- "Unable to process user options file for user %s",
+- p->user );
+- }
+- }
++ if ( rslt == 0 )
++ bUser = TRUE;
+ }
+ } /* p->user_opts */
+
+@@ -1517,16 +1514,46 @@
+ p->user );
+ else {
+ rslt = stat ( buf, &stat_buf );
+- if ( rslt == 0 ) {
+- rslt = pop_config ( p, buf, CfgConnected );
+- if ( rslt == POP_FAILURE ) {
+- pop_log ( p, POP_PRIORITY, HERE,
+- "Unable to process spool options file for user %s",
+- p->user );
+- }
+- }
++ if ( rslt == 0 )
++ bSpool = TRUE;
+ }
+ } /* p->spool_opts */
++
++ /*
++ * If we are to process either, do it as the user, not root
++ */
++ if ( bUser || bSpool ) {
++ UID_T uid_save = 0;
++
++ uid_save = geteuid();
++ if ( seteuid ( pwp->pw_uid ) != 0 ) {
++ rslt = POP_FAILURE; /* seteuid failed */
++ pop_log ( p, POP_PRIORITY, HERE,
++ "seteuid(%i) for user %s failed",
++ pwp->pw_uid, p->user );
++ } /* seteuid failed */
++ else { /* we are now the user */
++ if ( bUser ) {
++ rslt = pop_config ( p, buf, CfgConnected );
++ if ( rslt == POP_FAILURE )
++ pop_log ( p, POP_PRIORITY, HERE,
++ "Unable to process user options file for user %s",
++ p->user );
++ }
++
++ if ( bSpool ) {
++ rslt = pop_config ( p, buf, CfgConnected );
++ if ( rslt == POP_FAILURE )
++ pop_log ( p, POP_PRIORITY, HERE,
++ "Unable to process spool options file for user %s",
++ p->user );
++ }
++
++ if ( seteuid ( uid_save ) != 0 )
++ pop_log ( p, POP_PRIORITY, HERE,
++ "seteuid(%i) back failed", uid_save );
++ } /* we are now the user */
++ } /* bUser || bSpool */
+ }
+
+
+only in patch2:
+unchanged:
+--- qpopper-4.0.4.orig/popper/popauth.c
++++ qpopper-4.0.4/popper/popauth.c
+@@ -107,6 +107,7 @@
+ #include <fcntl.h>
+ #include <errno.h>
+ #include <string.h>
++#include <unistd.h>
+
+ #ifndef HAVE_BCOPY
+ # define bcopy(src,dest,len) (void) (memcpy(dest,src,len))
+@@ -277,6 +278,7 @@
+ static void helpful ( void );
+ static int check_db_err ( void *db, const char *op, BOOL bExp );
+ static const char *printable ( const char *p, int len );
++static void open_trace ( char *fname );
+
+
+ static void
+@@ -453,6 +455,30 @@
+ }
+
+
++void
++open_trace ( char *tname )
++{
++ UID_T uid_save = -1;
++ UID_T myuid = -1;
++
++
++ uid_save = geteuid();
++ myuid = getuid();
++ if ( seteuid ( myuid ) != 0 )
++ adios ( HERE, "internal error @ %i", __LINE__ );
++
++ trace_file = fopen ( tname, "a+" );
++ if ( trace_file == NULL )
++ adios ( HERE, "Unable to open trace file \"%s\": %s (%d)\n",
++ tname, STRERROR(errno), errno );
++ BLATHER1 ( "Trace and Debug destination is file \"%s\"",
++ tname );
++
++ if ( seteuid ( uid_save ) != 0 )
++ adios ( HERE, "internal error @ %i", __LINE__ );
++}
++
++
+ #ifndef HAVE_STRDUP
+ #include <stddef.h>
+
+@@ -748,13 +775,7 @@
+ helpful();
+ case TRACESW:
+ debug++;
+- trace_file = fopen ( argv[1], "a+" );
+- if ( trace_file == NULL )
+- adios ( HERE,
+- "Unable to open trace file \"%s\": %s (%d)\n",
+- argv[1], STRERROR(errno), errno );
+- BLATHER1 ( "Trace and Debug destination is file \"%s\"",
+- argv[1] );
++ open_trace ( argv[1] );
+ argc--;
+ argv++;
+ break;
diff --git a/net-mail/qpopper/files/qpopper-CAN-2005-1152.patch b/net-mail/qpopper/files/qpopper-CAN-2005-1152.patch
new file mode 100644
index 000000000000..73b6f245c458
--- /dev/null
+++ b/net-mail/qpopper/files/qpopper-CAN-2005-1152.patch
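Review bot: In the pop_config.c part of this patch the deferred `if ( bUser )` branch calls `pop_config ( p, buf, CfgConnected )`, whereas the code it replaces passed `CfgUser` for the user options file, so the per-user file appears to be parsed under the wrong context. Both `stat` calls and both deferred `pop_config` calls also share the single `buf`; the code that fills `buf` lies outside the hunk, but if the spool path is written after the user path, the user branch would read the spool file a second time and never read the user file. Keeping one path buffer per file and restoring the original mode, e.g. `rslt = pop_config ( p, user_buf, CfgUser );` (buffer name is a placeholder), would preserve the old behaviour under the dropped euid. Separately, only `seteuid` is called here, so the option files are still parsed with the daemon's group IDs; it is worth confirming that this is intended.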
@@ -0,0 +1,9 @@
+--- qpopper-4.0.4.orig/popper/popauth.c
++++ qpopper-4.0.4/popper/popauth.c
+@@ -669,6 +695,7 @@
+
+ memset ( &pop_pw, 0, sizeof(pop_pw) );
+ memset ( &my_pw, 0, sizeof(my_pw) );
++ umask ( 0077 ); /* make sure we don't create group- or world-writable files */
+ srandom ( (unsigned int) time ( (TIME_T *) 0) ); /* seed random with the
+ current time */
diff --git a/net-mail/qpopper/qpopper-4.0.5-r1.ebuild b/net-mail/qpopper/qpopper-4.0.5-r1.ebuild
deleted file mode 100644
index e19c4fbcb3dc..000000000000
--- a/net-mail/qpopper/qpopper-4.0.5-r1.ebuild
+++ /dev/null
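Review bot: The comment on the added `umask ( 0077 );` understates what the call does and what it leaves undone: 0077 clears every group and other permission bit, not only write, and it applies only to files created after this point, so a database or trace file that already exists with a looser mode keeps that mode. A wording such as `/* new files are owner-only; files that already exist keep their mode */` would make this clear to anyone auditing an upgraded host. The enclosing function lies outside the hunk, so whether anything is created before this line cannot be checked here. The inner hunk header also announces 6 old / 7 new lines while only five context lines and one added line are visible; that may just be a trimmed trailing blank line, but it is worth confirming the patch applies without fuzz.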
@@ -1,124 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-mail/qpopper/qpopper-4.0.5-r1.ebuild,v 1.6 2005/02/14 13:49:32 plasmaroo Exp $ - -IUSE="debug gdbm mailbox pam ssl xinetd" - -S=${WORKDIR}/${PN}${PV} -DESCRIPTION="A POP3 Server" -SRC_URI="ftp://ftp.qualcomm.com/eudora/servers/unix/popper/${PN}${PV}.tar.gz - http://www.ibiblio.org/gentoo/distfiles/qpopper-files.tar.bz2" -HOMEPAGE="http://www.qpopper.org/qpopper/" - -DEPEND="virtual/mta - xinetd? ( virtual/inetd ) - gdbm? ( sys-libs/gdbm ) - !gdbm? ( sys-libs/db ) - pam? ( >=sys-libs/pam-0.72 ) - ssl? ( dev-libs/openssl )" - -SLOT="0" -LICENSE="qpopper" -KEYWORDS="x86 sparc ~amd64" - -src_compile() { - - local myconf - - use pam && myconf="${myconf} --with-pam=pop3" - use mailbox && myconf="${myconf} --enable-home-dir-mail=Mailbox" - use xinetd && myconf="${myconf} --disable-standalone" || \ - myconf="${myconf} --enable-standalone" - myconf="${myconf} $(use_enable debug debugging)" - myconf="${myconf} $(use_with ssl openssl)" - myconf="${myconf} $(use_with gdbm)" - econf --enable-apop=/etc/pop.auth \ - --enable-popuid=pop \ - --enable-log-login \ - --enable-specialauth \ - --enable-log-facility=LOG_MAIL \ - --enable-uw-kludge-flag \ - ${myconf} || die "econf failed" - - if use ssl; then - umask 077 - PEM1=`/bin/mktemp ${T}/openssl.XXXXXX` - PEM2=`/bin/mktemp ${T}/openssl.XXXXXX` - /usr/bin/openssl req -newkey rsa:1024 -keyout $$PEM1 \ - -nodes -x509 -days 365 -out $$PEM2 << EOF --- -SomeState -SomeCity -SomeOrganization -SomeOrganizationalUnit -localhost.localdomain -root@localhost.localdomain -EOF - - cat $$PEM1 > cert.pem - echo "" >> cert.pem - cat $$PEM2 >> cert.pem - make || die - rm $$PEM1 $$PEM2 - umask 022 - - fi - - emake || die -} - -src_install() { - into /usr - dosbin popper/popper popper/popauth - - if use ssl; then - dodir /etc/mail/certs - fowners root:mail /etc/mail/certs - fperms 660 
/etc/mail/certs - mv cert.pem ${D}/etc/mail/certs - fperms 600 /etc/mail/certs/cert.pem - fowners root:0 /etc/mail/certs/cert.pem - fi - - doman man/popauth.8 man/popper.8 - - dodoc ${WORKDIR}/GUIDE.pdf - - docinto rfc - dodoc doc/rfc*.txt - - if use pam; then - insinto /etc/pam.d - newins ${WORKDIR}/pop3.pam-system-auth pop3 - fi - - insinto /etc/xinetd.d - newins ${WORKDIR}/pop3.xinetd pop-3 -} - -pkg_postinst () { - einfo "PS. If you use APOP service to authenticate " - einfo "the users you have to follow these steps: " - einfo "" - einfo "1) create a new account named pop" - einfo "2) change the owner and permissions of" - einfo " /usr/sbin/popauth:" - einfo " # chown pop /usr/sbin/popauth" - einfo " # chmod u+s /usr/sbin/popauth" - einfo "3) initialize the authentication database:" - einfo " # popauth -init" - einfo "4) new users can be added by root:" - einfo " # popauth -user <user>" - einfo " or removed:" - einfo " # popauth -delete <user>" - einfo " Other users can add themeselves or change their" - einfo " password with the command popauth" - einfo "5) scripts or other non-interactive processes can add or change" - einfo " the passwords with the following command:" - einfo " # popauth -user <user> <password>" - einfo "" - einfo "to enable qpopper in netkit-inetd just add this in one line" - einfo "pop-3 stream tcp nowait root /usr/sbin/tcpd - /usr/sbin/in.qpopper -f /etc/qpopper.conf" - einfo "into your /etc/inetd.conf" -} diff --git a/net-mail/qpopper/qpopper-4.0.5-r2.ebuild b/net-mail/qpopper/qpopper-4.0.5-r3.ebuild index 0220208edc78..f88251fc1689 100644 --- a/net-mail/qpopper/qpopper-4.0.5-r2.ebuild +++ b/net-mail/qpopper/qpopper-4.0.5-r3.ebuild 
@@ -1,6 +1,8 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-mail/qpopper/qpopper-4.0.5-r2.ebuild,v 1.2 2005/02/14 13:49:32 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-mail/qpopper/qpopper-4.0.5-r3.ebuild,v 1.1 2005/05/23 19:23:38 ferdy Exp $ + +inherit eutils IUSE="debug gdbm mailbox pam ssl xinetd" @@ -8,24 +10,30 @@ S=${WORKDIR}/${PN}${PV} DESCRIPTION="A POP3 Server" SRC_URI="ftp://ftp.qualcomm.com/eudora/servers/unix/popper/${PN}${PV}.tar.gz http://www.ibiblio.org/gentoo/distfiles/qpopper-files.tar.bz2" -HOMEPAGE="http://www.qpopper.org/qpopper/" +HOMEPAGE="http://www.eudora.com/products/unsupported/qpopper/index.html" DEPEND="virtual/mta xinetd? ( virtual/inetd ) gdbm? ( sys-libs/gdbm ) !gdbm? ( sys-libs/db ) pam? ( - >=sys-libs/pam-0.72 - >=net-mail/mailbase-0.00-r8 - ) + >=sys-libs/pam-0.72 + >=net-mail/mailbase-0.00-r8 + ) ssl? ( dev-libs/openssl )" SLOT="0" LICENSE="qpopper" -KEYWORDS="~x86 ~sparc ~amd64" +KEYWORDS="~amd64 sparc x86" -src_compile() { +src_unpack() { + unpack ${A} + cd ${S} + epatch "${FILESDIR}/${PN}-CAN-2005-1151.patch" || die "first patch failed" + epatch "${FILESDIR}/${PN}-CAN-2005-1152.patch" || die "second patch failed" +} +src_compile() { local myconf use pam && myconf="${myconf} --with-pam=pop3" diff --git a/net-mail/qpopper/qpopper-4.0.5.ebuild b/net-mail/qpopper/qpopper-4.0.5.ebuild deleted file mode 100644 index e8514a34d3ed..000000000000 --- a/net-mail/qpopper/qpopper-4.0.5.ebuild +++ /dev/null 
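Review bot: In the new `src_unpack`, `cd ${S}` is unquoted and unchecked, so a failed directory change would only surface indirectly when `epatch` cannot find its targets; `cd "${S}" || die "cd to ${S} failed"` makes that failure explicit. The `|| die` after each `epatch` looks redundant, since as far as I know the eutils `epatch` already aborts when a patch does not apply, though it is harmless. The order of the two `epatch` lines matters: the line offsets in the CAN-2005-1152 patch seem to assume the CAN-2005-1151 patch is already applied, so a comment such as `# 1152 is diffed on top of 1151; keep this order` would help. `src_compile` continues outside the hunk.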
@@ -1,126 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-mail/qpopper/qpopper-4.0.5.ebuild,v 1.12 2005/02/07 19:08:51 blubb Exp $ - -IUSE="ssl pam" - -S=${WORKDIR}/${PN}${PV} -DESCRIPTION="A POP3 Server" -SRC_URI="ftp://ftp.qualcomm.com/eudora/servers/unix/popper/${PN}${PV}.tar.gz - http://www.ibiblio.org/gentoo/distfiles/qpopper-files.tar.bz2" -HOMEPAGE="http://www.qpopper.org/qpopper/" - -DEPEND="virtual/mta - virtual/inetd - sys-libs/gdbm - pam? ( >=sys-libs/pam-0.72 ) - ssl? ( dev-libs/openssl )" - -SLOT="0" -LICENSE="qpopper" -KEYWORDS="x86 sparc" - -src_compile() { - - local myconf - - use pam && myconf="${myconf} --with-pam=pop3" - use ssl && myconf="${myconf} --with-openssl" - - econf --enable-apop=/etc/pop.auth \ - --enable-popuid=pop \ - --enable-log-login \ - --enable-specialauth \ - --enable-log-facility=LOG_MAIL \ - --enable-debugging \ - --enable-uw-kludge-flag \ - --with-gdbm \ - ${myconf} || die "econf failed" - - if use ssl; then - if use pam; then - ./configure ${CO} --with-openssl --with-pam=pop3 - else - ./configure ${CO} --with-openssl - fi - umask 077 - PEM1=`/bin/mktemp ${T}/openssl.XXXXXX` - PEM2=`/bin/mktemp ${T}/openssl.XXXXXX` - /usr/bin/openssl req -newkey rsa:1024 -keyout $$PEM1 \ - -nodes -x509 -days 365 -out $$PEM2 << EOF --- -SomeState -SomeCity -SomeOrganization -SomeOrganizationalUnit -localhost.localdomain -root@localhost.localdomain -EOF - - cat $$PEM1 > cert.pem - echo "" >> cert.pem - cat $$PEM2 >> cert.pem - make || die - rm $$PEM1 $$PEM2 - umask 022 - - fi - - emake || die -} - -src_install() { - into /usr - dosbin popper/popper popper/popauth - - if use ssl; then - dodir /etc/mail/certs - fowners root:mail /etc/mail/certs - fperms 660 /etc/mail/certs - mv cert.pem ${D}/etc/mail/certs - fperms 600 /etc/mail/certs/cert.pem - fowners root:0 /etc/mail/certs/cert.pem - fi - - doman man/popauth.8 man/popper.8 - - dodoc 
${WORKDIR}/GUIDE.pdf - - docinto rfc - dodoc doc/rfc*.txt - - if use pam; then - insinto /etc/pam.d - newins ${WORKDIR}/pop3.pam-system-auth pop3 - fi - - insinto /etc/xinetd.d - newins ${WORKDIR}/pop3.xinetd pop-3 -} - -pkg_postinst () { - einfo "PS. If you use APOP service to authenticate " - einfo "the users you have to follow these steps: " - einfo "" - einfo "1) create a new account named pop" - einfo "2) change the owner and permissions of" - einfo " /usr/sbin/popauth:" - einfo " # chown pop /usr/sbin/popauth" - einfo " # chmod u+s /usr/sbin/popauth" - einfo "3) initialize the authentication database:" - einfo " # popauth -init" - einfo "4) new users can be added by root:" - einfo " # popauth -user <user>" - einfo " or removed:" - einfo " # popauth -delete <user>" - einfo " Other users can add themeselves or change their" - einfo " password with the command popauth" - einfo "5) scripts or other non-interactive processes can add or change" - einfo " the passwords with the following command:" - einfo " # popauth -user <user> <password>" - einfo "" - einfo "to enable qpopper in netkit-inetd just add this in one line" - einfo "pop-3 stream tcp nowait root /usr/sbin/tcpd - /usr/sbin/in.qpopper -f /etc/qpopper.conf" - einfo "into your /etc/inetd.conf" -} |